Bootkit? Help
Posted: Tue Apr 19, 2011 11:58 pm
by [S]
Hi everyone, for days I have been having problems with my PC, Windows XP SP3 32-bit. I ran scans with various tools that I read about here on MegaLab. Every time I run a scan with ComboFix, it detects a bootkit (which should be regenerating at every reboot, I think); this is the error that always appears:
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
This is the ComboFix log:
I also used MBR to check whether everything was OK; here is the result:
I really hope you can help, because by now I no longer know what to do.
This is the ComboFix log:
ComboFix 11-04-19.01 - Administrator 19.04.2011 23:29:56.10.2 - x86
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
.
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programmi\Downloaded Installers
c:\programmi\Downloaded Installers\{4613F39B-AE3E-42D8-840E-190945136EA6}\setup.msi
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Creati Da 2011-03-19 al 2011-04-19 )))))))))))))))))))))))))))))))))))
.
.
2011-04-19 12:47 . 2011-04-19 12:47 53248 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-04-19 12:46 . 2011-04-19 12:46 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Logishrd
2011-04-19 12:43 . 2011-04-19 12:45 -------- d-----w- c:\programmi\Logitech
2011-04-19 12:39 . 2011-04-19 12:46 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Logitech
2011-04-19 12:36 . 2006-02-06 13:54 24064 ----a-r- c:\windows\system32\PostProc.dll
2011-04-19 12:36 . 2001-09-19 11:47 765952 ----a-r- c:\windows\system\crlds3d.dll
2011-04-19 12:36 . 2006-04-27 04:42 93824 ----a-r- c:\windows\system32\drivers\aeaudio.sys
2011-04-19 12:36 . 2006-03-17 16:18 392960 ----a-r- c:\windows\system32\drivers\senfilt.sys
2011-04-19 12:36 . 2006-06-27 11:43 245760 ----a-r- c:\windows\system32\drivers\ADIHdAud.sys
2011-04-18 18:33 . 2011-04-18 18:33 -------- d-----w- c:\documents and settings\UpdatusUser
2011-04-18 18:33 . 2011-04-18 18:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA
2011-04-18 18:14 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-18 18:14 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-18 18:14 . 2011-04-08 05:14 4111232 ----a-w- c:\windows\system32\SET327.tmp
2011-04-18 18:14 . 2011-04-08 05:14 2027008 ----a-w- c:\windows\system32\SET32B.tmp
2011-04-18 11:35 . 2011-04-18 11:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\NVIDIA
2011-04-18 11:28 . 2011-04-18 11:28 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\ArcSoft
2011-04-18 11:28 . 2011-04-18 11:37 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\ArcSoft
2011-04-18 11:24 . 2011-04-18 13:53 -------- d-----w- c:\programmi\ArcSoft
2011-04-18 11:24 . 2011-04-18 13:50 -------- d-----w- c:\programmi\File comuni\ArcSoft
2011-04-18 11:23 . 2011-04-18 11:47 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ArcSoft
2011-04-16 17:35 . 2011-04-16 17:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Elephant Games
2011-04-16 17:35 . 2011-04-16 17:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Elephant Games
2011-04-14 23:21 . 2011-04-14 23:21 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SunRay Games
2011-04-13 20:42 . 2011-04-13 20:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2011-04-13 20:41 . 2011-04-13 20:41 -------- d-----w- c:\programmi\Yuna Software
2011-04-13 20:34 . 2011-04-13 20:34 -------- d-----w- c:\programmi\Secway
2011-04-13 20:24 . 2011-04-13 20:24 -------- d-----w- c:\programmi\Microsoft
2011-04-13 20:24 . 2011-04-13 20:24 -------- d-----w- c:\programmi\Windows Live
2011-04-13 16:52 . 2011-04-19 15:00 -------- d-----w- c:\documents and settings\Administrator\Tracing
2011-04-12 23:24 . 2011-04-12 23:24 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Axialis
2011-04-12 23:24 . 2011-04-13 00:02 -------- d-----w- c:\programmi\Axialis
2011-04-12 23:24 . 2011-04-13 00:02 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Axialis
2011-04-12 16:52 . 2011-04-12 16:52 -------- d-----w- c:\programmi\File comuni\Spigot
2011-04-11 18:10 . 2011-04-11 18:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AltrixSoft
2011-04-11 18:10 . 2011-04-11 18:12 -------- d-----w- c:\programmi\File comuni\AltrixSoft
2011-04-11 17:08 . 2011-04-11 17:10 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\RaimaRadioPro
2011-04-11 17:08 . 2011-04-11 17:09 -------- d-----w- c:\programmi\RarmaRadio
2011-04-10 02:59 . 2011-04-10 02:59 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\SlimWare Utilities Inc
2011-04-10 02:55 . 2011-04-10 02:58 -------- d-----w- c:\programmi\DriverUpdate
2011-04-09 22:54 . 2011-04-10 00:37 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skunk Studios
2011-04-09 20:54 . 2011-04-09 20:55 -------- d-----w- c:\programmi\MultiExtractor
2011-04-09 20:54 . 2011-04-09 20:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\MultiExtractor
2011-04-08 14:10 . 2011-04-08 14:14 -------- d-----w- c:\programmi\Chainz Galaxy
2011-04-07 09:40 . 2011-04-07 09:40 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Yahoo!
2011-04-06 19:33 . 2011-04-06 19:33 -------- d-----w- c:\windows\Sun
2011-04-06 15:04 . 2011-04-06 21:39 -------- d-----w- C:\Zylom Games
2011-04-06 14:10 . 2011-04-06 14:10 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\unlimited illegal v1.4 16 05476 200938-499-41
2011-04-06 13:47 . 2011-04-06 13:47 -------- d-----w- c:\programmi\File comuni\Java
2011-04-06 13:46 . 2011-04-06 13:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-03 04:26 . 2011-04-03 04:26 -------- d-----w- c:\documents and settings\Administrator\Saved Games
2011-04-03 01:28 . 2011-04-03 01:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EA Core
2011-04-03 00:58 . 2011-04-03 00:58 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Temp
2011-04-03 00:23 . 2011-04-03 00:23 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Remove_Empty_Directories
2011-04-03 00:22 . 2011-04-03 00:22 -------- d-----w- c:\windows\system32\wbem\mof
2011-04-02 23:39 . 2011-04-02 23:39 -------- d-----w- c:\programmi\Remove Empty Directories
2011-03-31 00:38 . 2011-03-31 00:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Electronic Arts
2011-03-29 15:23 . 2011-03-29 15:23 -------- d-----w- c:\programmi\Auslogics
2011-03-29 11:57 . 2011-03-29 11:57 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Megamedia
2011-03-29 11:57 . 2011-03-29 11:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Megamedia
2011-03-29 11:57 . 2011-03-29 11:57 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia
2011-03-25 18:37 . 2011-03-25 19:13 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\PC Tools Performance Toolkit
2011-03-23 21:33 . 2011-03-23 21:33 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ShinyTales
2011-03-23 21:22 . 2011-03-23 21:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MythPeople
2011-03-23 19:52 . 2011-03-23 19:52 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Anthropics
2011-03-23 19:18 . 2011-03-23 19:19 -------- d-----w- c:\programmi\Portrait Professional Studio 9
2011-03-22 21:54 . 2011-03-22 21:54 0 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml15E2.tmp
2011-03-22 21:54 . 2011-03-22 21:54 0 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml15DF.tmp
2011-03-22 21:54 . 2011-03-22 21:54 14177 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml15DD.tmp
2011-03-22 21:54 . 2011-03-22 21:54 8114 ----a-w- c:\documents and settings\All Users\Dati applicazioni\xml15DB.tmp
2011-03-22 21:41 . 2011-03-22 21:41 -------- d-----w- c:\programmi\SiSoftware
2011-03-21 14:38 . 2011-03-21 14:38 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-03-21 14:30 . 2011-03-21 14:30 -------- d-----w- c:\windows\system32\xlive
2011-03-21 14:30 . 2011-03-21 14:32 -------- d-----w- c:\programmi\Microsoft Games for Windows - LIVE
2011-03-21 00:19 . 2011-03-21 00:20 -------- d-----w- c:\programmi\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 13:46 . 2010-05-11 14:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-06 13:13 . 2011-02-11 19:03 557328 ----a-w- c:\windows\system32\DAO360.DLL
2011-04-02 14:01 . 2009-12-09 06:24 5302 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-24 21:24 . 2009-04-23 20:08 29480 ------w- c:\windows\system32\msxml3a.dll
2011-03-24 21:24 . 2003-02-21 03:42 353576 ------w- c:\windows\system32\msvcr71.dll
2011-03-24 21:24 . 2003-03-18 19:14 505128 ------w- c:\windows\system32\msvcp71.dll
2011-03-15 10:08 . 2011-03-15 10:08 0 ------w- c:\windows\system32\REN4D92.tmp
2011-03-10 19:00 . 2011-03-11 04:08 835480 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-03-10 19:00 . 2011-03-11 04:08 938904 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-03-10 19:00 . 2010-04-04 14:19 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-10 19:00 . 2010-04-04 14:19 2252904 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-03-10 19:00 . 2009-03-27 08:03 4984832 ----a-w- c:\windows\system32\nvcuda.dll
2011-03-10 19:00 . 2009-03-27 08:03 2918504 ----a-w- c:\windows\system32\nvcuvid.dll
2011-03-10 19:00 . 2009-03-27 08:03 14675968 ----a-w- c:\windows\system32\nvoglnt.dll
2011-03-10 19:00 . 2010-04-04 14:19 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-03-10 19:00 . 2009-03-27 08:03 9925408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-03-10 19:00 . 2009-03-27 08:03 6407808 ----a-w- c:\windows\system32\nv4_disp.dll
2011-03-10 19:00 . 2009-03-27 08:03 1974272 ----a-w- c:\windows\system32\nvapi.dll
2011-03-08 11:26 . 2011-03-08 11:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-03-08 11:26 . 2011-03-08 11:26 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-03-08 11:26 . 2011-03-08 11:26 13881448 ----a-w- c:\windows\system32\nvcpl.dll
2011-03-08 11:26 . 2011-03-08 11:26 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-03-08 11:26 . 2011-03-08 11:26 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-03-08 11:26 . 2011-03-08 11:26 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-03-08 11:26 . 2011-03-08 11:26 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-03-08 11:26 . 2011-03-08 11:26 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-03-08 11:26 . 2011-03-08 11:26 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-03-08 11:26 . 2011-03-08 11:26 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-03-08 11:26 . 2011-03-08 11:26 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-03-08 11:26 . 2011-03-08 11:26 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-03-08 11:26 . 2011-03-08 11:26 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-03-08 11:26 . 2011-03-08 11:26 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-03-08 11:26 . 2011-03-08 11:26 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-03-08 11:26 . 2011-03-08 11:26 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-03-08 11:26 . 2011-03-08 11:26 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-03-08 11:26 . 2011-03-08 11:26 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-03-08 11:26 . 2011-03-08 11:26 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-03-08 11:26 . 2011-03-08 11:26 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-03-08 11:26 . 2011-03-08 11:26 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-03-08 11:26 . 2011-03-08 11:26 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-03-08 11:26 . 2011-03-08 11:26 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-03-08 11:26 . 2011-03-08 11:26 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-03-08 11:26 . 2011-03-08 11:26 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-03-08 11:26 . 2011-03-08 11:26 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-03-08 11:26 . 2011-03-08 11:26 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-03-08 11:26 . 2011-03-08 11:26 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-03-08 11:26 . 2011-03-08 11:26 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-03-08 11:26 . 2011-03-08 11:26 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-03-08 11:26 . 2011-03-08 11:26 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-03-08 11:26 . 2011-03-08 11:26 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-03-08 11:26 . 2011-03-08 11:26 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-03-08 11:26 . 2011-03-08 11:26 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-03-08 11:26 . 2011-03-08 11:26 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-02-22 06:38 . 2011-02-22 06:38 86016 ------w- c:\windows\system32\frapsvid.dll
2011-02-06 10:40 . 2011-02-06 10:40 93696 ------w- c:\windows\system32\EP1KSSP.DLL
2011-02-06 10:40 . 2011-02-06 10:40 178176 ------w- c:\windows\system32\ep1k_certd.exe
2011-02-06 10:40 . 2011-02-06 10:40 12288 ------w- c:\windows\system32\ep1ksrv.exe
2011-02-06 10:40 . 2011-02-06 10:40 446464 ------w- c:\windows\system32\EP1CSP32.DAT
2011-02-06 10:40 . 2011-02-06 10:40 24064 ------w- c:\windows\system32\JEPSAI20.DLL
2011-02-06 10:40 . 2011-02-06 10:40 180224 ------w- c:\windows\system32\EP1CSP32.DLL
2011-02-06 10:40 . 2011-02-06 10:40 165888 ------w- c:\windows\system32\EP1PK111.DLL
2011-02-06 10:40 . 2011-02-06 10:40 95232 ------w- c:\windows\system32\EP1KDL20.DLL
2011-02-06 10:40 . 2011-02-06 10:40 81920 ------w- c:\windows\system32\EPSMODU.DLL
2011-02-06 10:40 . 2011-02-06 10:40 81920 ------w- c:\windows\system32\EPASMOD.DLL
2011-02-06 10:40 . 2011-02-06 10:40 69632 ------w- c:\windows\system32\EPSMODUE.DLL
2011-02-06 10:40 . 2011-02-06 10:40 53248 ------w- c:\windows\system32\EPASSMDFULL.DLL
2011-02-06 10:40 . 2011-02-06 10:40 45056 ------w- c:\windows\system32\EPASSMD.DLL
2011-02-06 10:40 . 2011-02-06 10:40 4608 ------w- c:\windows\system32\ft1kco.dll
2011-02-06 10:40 . 2011-02-06 10:40 22272 ------w- c:\windows\system32\drivers\eps1k.sys
2011-02-06 10:40 . 2011-02-06 10:40 9856 ------w- c:\windows\system32\drivers\usbic1k.SYS
2011-02-06 10:40 . 2011-02-06 10:40 8832 ------w- c:\windows\system32\drivers\IC1KENUM.SYS
2010-02-18 23:28 . 2010-02-18 23:28 774144 ----a-w- c:\programmi\RngInterstitial.dll
.
.
------- Sigcheck -------
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:16 64000 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaIeHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb02.exe" [2001-04-17 192512]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-01 2054360]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-09-07 1976920]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"CanonSolutionMenuEx"="c:\programmi\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-08 13881448]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-06-23 847872]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
FreePOPs.lnk - c:\programmi\FreePOPs\freepopsd.exe [2008-12-27 49152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\programmi\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^is-6O6IH.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Logitech . Registrazione prodotti.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
2011-03-19 23:17 4743240 ----a-w- c:\program files\360Amigo\360Amigo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-10-13 10:16 165144 ----a-w- c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-03-26 22:39 323392 ----a-w- c:\programmi\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
2009-04-14 10:52 86016 ----a-w- c:\programmi\ClamWin\bin\ClamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverChecker.exe]
2009-12-31 15:36 13561856 ----a-w- c:\programmi\Driver Checker\DriverChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-10-28 23:32 1352272 ----a-w- c:\programmi\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-09 17:23 133104 ----atw- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InnoSetupRegFile.0000000001]
2009-09-02 04:30 687104 ----a-w- c:\windows\is-QOJPR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 16:08 963976 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 16:08 443728 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MegakeyUpdater]
2011-01-13 05:38 64000 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegakeyUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-26 22:42 2937528 ----a-w- c:\programmi\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 10:51 25088 ------r- c:\programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-12-10 12:28 247144 ----a-w- c:\documents and settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-06-06 13:03 222504 ----a-w- c:\programmi\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2007-12-20 15:05 77824 ------w- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"UxTuneUp"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"ServiceLayer"=3 (0x3)
"gusvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DriverUpdate"="c:\programmi\DriverUpdate\DriverUpdate.exe" -boot
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\filehippo.com\\UpdateChecker.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\Programmi\\FirefoxPortable\\App\\Firefox\\firefox.exe"=
"c:\\Programmi\\FreePOPs\\freepopsd.exe"=
"c:\\Programmi\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Programmi\\Steam\\Steam.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\RpcAgentSrv.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26731:TCP"= 26731:TCP:*:Disabled:SolidNetworkManager
"26731:UDP"= 26731:UDP:*:Disabled:SolidNetworkManager
"5009:TCP"= 5009:TCP:SolidNetworkManager
"5009:UDP"= 5009:UDP:SolidNetworkManager
"56827:TCP"= 56827:TCP:Pando Media Booster
"56827:UDP"= 56827:UDP:Pando Media Booster
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 as6eio;as6eio;c:\windows\System32\drivers\as6eio.sys [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-11-30 1483072]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\File comuni\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gwiopm;gwiopm;c:\programmi\My Drivers\gwiopm.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-05-03 3604720]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Professional Home 2011.SP1a\RpcAgentSrv.exe [2009-08-09 93848]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
R3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2010-01-06 22024]
S0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [2010-01-06 27656]
S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\DRIVERS\tdrpm147.sys [2009-06-12 971232]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-04-03 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-04-03 53248]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-10-01 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-10-01 96408]
S1 is-6O6IHdrv;is-6O6IHdrv;c:\windows\system32\DRIVERS\05165413.sys [2008-07-08 148496]
S1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
S1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2009-09-02 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-19 29416]
S2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-01 735960]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\programmi\File comuni\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-08-24 10448]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-06-11 65856]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2005-07-15 45696]
S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\DRIVERS\thdudf.sys [2006-11-11 66944]
S2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S3 ft1kEnum;usb Card Device 1000;c:\windows\system32\DRIVERS\ic1kenum.sys [2011-02-06 8832]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2005-07-15 56960]
S3 Reader_1000;USB SmartCard Reader Device 1000 ;c:\windows\system32\DRIVERS\usbic1k.sys [2011-02-06 9856]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-04-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-COMPUTER-A04070-Administrator.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 14:04]
.
2011-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2009-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-842925246-1177238915-500.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-09 17:23]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://mystart.incredimail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Capture Web Page - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\CaptureWebPage.htm
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fetch to Megaupload - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaUpload.htm
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
LSP: c:\documents and settings\All Users\Dati applicazioni\Megamedia\Megakey\msadm.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\ln9e66g5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Cerca
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_ ... ST&search=
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\programmi\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\programmi\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: MegaKey: {1D3DB383-DB45-45b2-9F46-91218CA2CBCB} - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-Simp - (no file)
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-842925246-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-583907252-842925246-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87118821-B996-BE12-BBCA-B6BDF39E5A17}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abpnmffeooajilkcafhegojfckkhekkbkg"=hex:6a,61,6d,6d,6c,66,70,62,6c,70,69,68,
6f,64,6e,6b,66,62,64,67,00,00
"pafncffijobobldilcdhknhghadjfdoo"=hex:6a,61,6d,6d,6c,66,70,62,6c,70,69,68,6f,
64,6e,6b,66,62,64,67,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07A774A0-6047-11D1-BA20-006097D2898E}]
@DACL=(02 0000)
@="Logagent Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AEE3E4A8-EF01-4024-A0F1-809D9B096E14}]
@DACL=(02 0000)
@="Windows Media Player Encoder Helper Class"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dati applicazioni\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Programmi\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000410
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{AC0A97B5-991D-4761-B4E9-B6F9811B6A38}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.468.1"
"UniqueId"="0003DDCE4B12D900"
"ScannerBuild"=dword:0000167c
"ScannerVersionId"=dword:0000117a
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
"ei2"=hex(b):90,5e,74,b8,3a,7a,6a,b0
"ei1"=hex(b):00,1a,92,bb,92,be,00,00
"ei3"=hex(b):fb,8c,7c,4d,00,00,00,00
"ei4"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1916)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
Ora fine scansione: 2011-04-20 00:03:57
ComboFix-quarantined-files.txt 2011-04-19 22:03
.
Pre-Run: 59'216'257'024 byte disponibili
Post-Run: 59'188'068'352 byte disponibili
.
- - End Of File - - 6DB88C39ECD50DBFA8743EF01D03E40D
[-] 2008-04-14 12:00 . 0FF0C3264283FDEDDAA6A9DE51341A3D . 1444352 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\winlogon.exe
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[7] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[7] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\SevenMizer\old\comctl32.dll
[-] 2008-04-14 . 899C00F3EE822D7871F5948A1E088DC2 . 770560 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[7] 2010-05-04 . 77968988F8D07572499D9181B47E2B12 . 3603456 . . [7.00.6000.21264] . . c:\windows\SevenMizer\old\mshtml.dll
[-] 2010-05-04 . E8783F7945F7CEC61F23FEA9524AB77C . 3828224 . . [7.00.6000.21264] . . c:\windows\system32\mshtml.dll
[-] 2010-05-04 . E8783F7945F7CEC61F23FEA9524AB77C . 3828224 . . [7.00.6000.21264] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-03-11 . 42CCADED3A3430D0A96C3C2077DA79B4 . 3602944 . . [7.00.6000.21228] . . c:\windows\ie7updates\KB982381-IE7\mshtml.dll
[7] 2010-01-05 . 8B2AB0803BBCBA6B14B78A6208E30C56 . 3602944 . . [7.00.6000.21183] . . c:\windows\ERDNT\cache\mshtml.dll
[7] 2010-01-05 . 8B2AB0803BBCBA6B14B78A6208E30C56 . 3602944 . . [7.00.6000.21183] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll
[7] 2009-10-29 . 6A23746C85468A631B25050C59C2CA14 . 3602432 . . [7.00.6000.21148] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll
[7] 2009-10-21 . B8D6A50D6306F869C771B77FBC793FAD . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[7] 2009-10-21 . B8D6A50D6306F869C771B77FBC793FAD . 3602432 . . [7.00.6000.21142] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[7] 2009-08-29 . 68B859DDC8FF192D9FFC02229B6BE355 . 3600384 . . [7.00.6000.21115] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[7] 2009-07-19 . 5E84885C93642BB82E88CD1CBC345FAF . 3600384 . . [7.00.6000.21089] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[7] 2009-04-29 . 2ECF7C62E692BBE1D7F9A72B42AECAA9 . 3598336 . . [7.00.6000.21045] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[7] 2009-02-21 . 2358FF7E9C728932FC3C075935978086 . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[7] 2009-02-21 . 2358FF7E9C728932FC3C075935978086 . 3596800 . . [7.00.6000.21015] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[7] 2009-01-16 . B868CBA86B7AA951131E511DC3436544 . 3596288 . . [7.00.6000.20996] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[7] 2008-12-13 . C352D6D2EFC11942BA84B996BAFFB182 . 3594752 . . [7.00.6000.20973] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[7] 2008-10-16 . 6EA04EE075C69345AB9B90C7A8740A04 . 3595264 . . [7.00.6000.20935] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[7] 2008-08-26 . FA61793E4E3F5C896C0728F350E30FAF . 3594752 . . [7.00.6000.20900] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-06-23 . 8E52FEC7D214C3B62871F8637F204114 . 3594240 . . [7.00.6000.20861] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[7] 2008-01-16 . 872E162F24BD5AF017D6F0BE1AC417EB . 3593728 . . [7.00.6000.20753] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
.
[7] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll
[7] 2008-04-14 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\user32.dll
[-] 2008-04-14 . 3DBD6DC6D74C517D55A1B3AECA88EF48 . 588800 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[7] 2010-05-04 . 4CD4DB297B3D6D83F04BE7912B946428 . 841216 . . [7.00.6000.21256] . . c:\windows\SevenMizer\old\wininet.dll
[-] 2010-05-04 . 7B6EAAB6EF34CA886737AC2D1EC21CBD . 942592 . . [7.00.6000.21256] . . c:\windows\system32\wininet.dll
[-] 2010-05-04 . 7B6EAAB6EF34CA886737AC2D1EC21CBD . 942592 . . [7.00.6000.21256] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-03-11 . 776681CB75D9DE5EF363FFDEA8D7DA97 . 841216 . . [7.00.6000.21228] . . c:\windows\ie7updates\KB982381-IE7\wininet.dll
[7] 2010-01-05 . 4AA9CE48449B816084226EDAE4E309A0 . 841216 . . [7.00.6000.21183] . . c:\windows\ERDNT\cache\wininet.dll
[7] 2010-01-05 . 4AA9CE48449B816084226EDAE4E309A0 . 841216 . . [7.00.6000.21183] . . c:\windows\ie7updates\KB980182-IE7\wininet.dll
[7] 2009-10-29 . 24A9BC124187E37A2BE67DFE5BB1A681 . 841216 . . [7.00.6000.21148] . . c:\windows\ie7updates\KB978207-IE7\wininet.dll
[7] 2009-08-29 . EFC043E6C9D34BA3B22CE51347F08D32 . 840704 . . [7.00.6000.21115] . . c:\windows\ie7updates\KB976325-IE7\wininet.dll
[7] 2009-06-29 . 9BA2E22993954B2C433FDC229801EEFE . 828928 . . [7.00.6000.21073] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
[7] 2009-04-29 . D327397F4448DCB912E9FE78C9A94C88 . 828928 . . [7.00.6000.21045] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[7] 2009-03-03 . C04C42D707CDB4129B86C4E96FA5C24B . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-03-03 . C04C42D707CDB4129B86C4E96FA5C24B . 828416 . . [7.00.6000.21020] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[7] 2008-12-20 . 3F7320E0F75F2B5A7A9AD32AEA08BF21 . 827904 . . [7.00.6000.20978] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2008-10-16 . F303CFED3D8B8348A54F7A53DDC7CCA0 . 827904 . . [7.00.6000.20935] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-08-26 . 8E694EC9DA095E518D9447B3293208EA . 827904 . . [7.00.6000.20900] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-06-23 . BF9D17259082632F03F3FF5759C6AE32 . 827904 . . [7.00.6000.20861] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2007-12-07 . 39CCDA0E9B778792B06C1B9D794A9776 . 825344 . . [7.00.6000.20733] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
.
[-] 2008-04-14 . F2F479CD6EB8DC808B5DAF2C9F3A3C8D . 1561600 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\SevenMizer\old\explorer.exe
.
[7] 2008-04-14 . DA5AB646CDA75F2801660F5754990D2F . 1287168 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\ole32.dll
[-] 2008-04-14 . 9C53CD8539F65CB380347F6689C8F188 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
.
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\ctfmon.exe
[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[7] 2008-04-14 . 705B64A073DFF1AF96F49B00B9D297A3 . 346624 . . [5.1.2600.5512] . . c:\windows\SevenMizer\old\hnetcfg.dll
[-] 2008-04-14 . 43A8C03A8CF9DB90958238AB694BF79D . 371200 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
[7] 2010-02-16 . 32ACD29EE9D2C09BD471CDC23C31ED49 . 2070528 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2010-02-16 . CC0BD6DF954A759B0C36116AB34F1C85 . 2028032 . . [5.1.2600.5938] . . c:\windows\SevenMizer\old\ntkrnlpa.exe
[-] 2010-02-16 . 4004BC6E3D2EDC907563CF5A12D88C58 . 2206208 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . 4004BC6E3D2EDC907563CF5A12D88C58 . 2206208 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2010-02-16 . EAFDE69BE3EDF234CD222712F45A00B6 . 2070656 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . 7CBE0358DBB005ED0ACC76E039621B5D . 2069888 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . 4DC824C3F81A65DAAD9B22D99CF2A031 . 2027520 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[7] 2009-08-04 . 845344F22D2BA7CDD2847B0B0A5D0EDD . 2069888 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . A624667565D96E7DE0871CC1A144ED1C . 2027520 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-08-04 . A624667565D96E7DE0871CC1A144ED1C . 2027520 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[7] 2009-02-09 . 844C5BC1F022E7790BA6DD2610823BE6 . 2027520 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-09 . FF69166080436A31A3EAC9CC7C3F1847 . 2069888 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . BC8D2FF46D42B76655F443EF1386930F . 2027520 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-13 . FE93732DE7D6EA191E2FF816341D6FFF . 2027520 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
.
[7] 2010-04-16 . B24A4E23A2FEDB6976EB04D334AD82B2 . 634648 . . [7.00.6000.21256] . . c:\windows\SevenMizer\old\iexplore.exe
[-] 2010-04-16 . 163987977BFA1784DF8D662048FF8970 . 724248 . . [7.00.6000.21256] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2010-02-23 . C8DDA4028065D5CE39CBE7A156B72AB9 . 634648 . . [7.00.6000.21228] . . c:\windows\ie7updates\KB982381-IE7\iexplore.exe
[7] 2009-12-18 . D19E56D5930C37CF211867DF450C372A . 634632 . . [7.00.6000.21183] . . c:\windows\ie7updates\KB980182-IE7\iexplore.exe
[7] 2009-10-28 . 80675329E0FD54F016C4F8A83C616349 . 634632 . . [7.00.6000.21148] . . c:\windows\ie7updates\KB978207-IE7\iexplore.exe
[7] 2009-08-27 . 332EC7562F3AA7364F2D4231C56DA986 . 634648 . . [7.00.6000.21115] . . c:\windows\ie7updates\KB976325-IE7\iexplore.exe
[7] 2009-06-29 . 02E2754D3E566C11A4934825920C47DD . 634632 . . [7.00.6000.21073] . . c:\windows\ie7updates\KB974455-IE7\iexplore.exe
[7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\ie7updates\KB972260-IE7\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe
.
[7] 2010-02-17 . CE3BE4BB511B6E0F81D5479F31922574 . 2193664 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2010-02-16 . 2A3C8C51E0D91616415720C48A3E5A66 . 2149888 . . [5.1.2600.5938] . . c:\windows\SevenMizer\old\ntoskrnl.exe
[-] 2010-02-16 . FFB8496C3A7BD92A2D5FCFC83FFB5AD9 . 2328064 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . FFB8496C3A7BD92A2D5FCFC83FFB5AD9 . 2328064 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2010-02-16 . 01CBC934223F6754C3CA87927D409E9E . 2193792 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . 30A2AA7A19F9416EABF7D5F81616BD4D . 2193024 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . AD4454ABC73B4B1EB92E627681E17496 . 2148864 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[7] 2009-08-04 . 9A164A8C771E9F2A5C8FE15FE7F74E2F . 2148864 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[7] 2009-08-04 . 9A164A8C771E9F2A5C8FE15FE7F74E2F . 2148864 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[7] 2009-08-04 . 66C0988D9B1BB7F41437D91DBCFDF927 . 2193024 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . 3B5928FCD0DD3E10DEB1C13CA35201F6 . 2192896 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-09 . 592F44BB500F995BEAD0EB8BA06BC104 . 2148864 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-08-14 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . 15315CDC4A67DCBBAE59967F08129499 . 2148864 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-13 . 85B6D05F83DFBAFEF5F58836CE39586C . 2148864 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
2011-01-13 04:16 64000 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaIeHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb02.exe" [2001-04-17 192512]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-01 2054360]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-09-07 1976920]
"Acrobat Assistant 8.0"="c:\programmi\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"CanonSolutionMenuEx"="c:\programmi\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-03-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-08 13881448]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2006-06-23 847872]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]
.
c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
FreePOPs.lnk - c:\programmi\FreePOPs\freepopsd.exe [2008-12-27 49152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\programmi\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^is-6O6IH.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^Logitech . Registrazione prodotti.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\360Amigo]
2011-03-19 23:17 4743240 ----a-w- c:\program files\360Amigo\360Amigo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-10-13 10:16 165144 ----a-w- c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\programmi\File comuni\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-03-26 22:39 323392 ----a-w- c:\programmi\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
2009-04-14 10:52 86016 ----a-w- c:\programmi\ClamWin\bin\ClamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverChecker.exe]
2009-12-31 15:36 13561856 ----a-w- c:\programmi\Driver Checker\DriverChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-10-28 23:32 1352272 ----a-w- c:\programmi\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-09 17:23 133104 ----atw- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InnoSetupRegFile.0000000001]
2009-09-02 04:30 687104 ----a-w- c:\windows\is-QOJPR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 16:08 963976 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 16:08 443728 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MegakeyUpdater]
2011-01-13 05:38 64000 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegakeyUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-26 22:42 2937528 ----a-w- c:\programmi\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
1998-07-03 10:51 25088 ------r- c:\programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-12-10 12:28 247144 ----a-w- c:\documents and settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-06-06 13:03 222504 ----a-w- c:\programmi\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2007-12-20 15:05 77824 ------w- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"UxTuneUp"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"ServiceLayer"=3 (0x3)
"gusvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DriverUpdate"="c:\programmi\DriverUpdate\DriverUpdate.exe" -boot
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\filehippo.com\\UpdateChecker.exe"=
"c:\\Programmi\\mIRC\\mirc.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\Programmi\\FirefoxPortable\\App\\Firefox\\firefox.exe"=
"c:\\Programmi\\FreePOPs\\freepopsd.exe"=
"c:\\Programmi\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Programmi\\eMule\\eMule.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Programmi\\Steam\\Steam.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Programmi\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\RpcAgentSrv.exe"=
"c:\\Programmi\\SiSoftware\\SiSoftware Sandra Professional Home 2011.SP1a\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26731:TCP"= 26731:TCP:*:Disabled:SolidNetworkManager
"26731:UDP"= 26731:UDP:*:Disabled:SolidNetworkManager
"5009:TCP"= 5009:TCP:SolidNetworkManager
"5009:UDP"= 5009:UDP:SolidNetworkManager
"56827:TCP"= 56827:TCP:Pando Media Booster
"56827:UDP"= 56827:UDP:Pando Media Booster
"1054:TCP"= 1054:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 as6eio;as6eio;c:\windows\System32\drivers\as6eio.sys [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-11-30 1483072]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\File comuni\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gwiopm;gwiopm;c:\programmi\My Drivers\gwiopm.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-05-03 3604720]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programmi\SiSoftware\SiSoftware Sandra Professional Home 2011.SP1a\RpcAgentSrv.exe [2009-08-09 93848]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
R3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2010-01-06 22024]
S0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [2010-01-06 27656]
S0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\DRIVERS\tdrpm147.sys [2009-06-12 971232]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-04-03 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-04-03 53248]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-10-01 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-10-01 96408]
S1 is-6O6IHdrv;is-6O6IHdrv;c:\windows\system32\DRIVERS\05165413.sys [2008-07-08 148496]
S1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
S1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.sys [2009-09-02 74480]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-19 29416]
S2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-01 735960]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\programmi\File comuni\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-08-24 10448]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-06-11 65856]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2005-07-15 45696]
S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\DRIVERS\thdudf.sys [2006-11-11 66944]
S2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\Administrator\Desktop\Programmi\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S3 ft1kEnum;usb Card Device 1000;c:\windows\system32\DRIVERS\ic1kenum.sys [2011-02-06 8832]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2005-07-15 56960]
S3 Reader_1000;USB SmartCard Reader Device 1000 ;c:\windows\system32\DRIVERS\usbic1k.sys [2011-02-06 9856]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-04-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-COMPUTER-A04070-Administrator.job
- c:\programmi\File comuni\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 14:04]
.
2011-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2009-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-842925246-1177238915-500.job
- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-10-09 17:23]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://mystart.incredimail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Capture Web Page - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\CaptureWebPage.htm
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\programmi\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Do&wnload selected by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programmi\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fetch to Megaupload - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\MegaUpload.htm
IE: Scarica con Mipony - file://c:\programmi\MiPony\Browser\IEContext.htm
LSP: c:\documents and settings\All Users\Dati applicazioni\Megamedia\Megakey\msadm.dll
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\ln9e66g5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Cerca
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_ ... ST&search=
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\programmi\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\programmi\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmi\Java\jre6\lib\deploy\jqs\ff
FF - Ext: MegaKey: {1D3DB383-DB45-45b2-9F46-91218CA2CBCB} - c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Megamedia\Megakey\{1D3DB383-DB45-45b2-9F46-91218CA2CBCB}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-Simp - (no file)
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-842925246-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-583907252-842925246-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87118821-B996-BE12-BBCA-B6BDF39E5A17}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abpnmffeooajilkcafhegojfckkhekkbkg"=hex:6a,61,6d,6d,6c,66,70,62,6c,70,69,68,
6f,64,6e,6b,66,62,64,67,00,00
"pafncffijobobldilcdhknhghadjfdoo"=hex:6a,61,6d,6d,6c,66,70,62,6c,70,69,68,6f,
64,6e,6b,66,62,64,67,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07A774A0-6047-11D1-BA20-006097D2898E}]
@DACL=(02 0000)
@="Logagent Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AEE3E4A8-EF01-4024-A0F1-809D9B096E14}]
@DACL=(02 0000)
@="Windows Media Player Encoder Helper Class"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Dati applicazioni\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Programmi\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000410
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{AC0A97B5-991D-4761-B4E9-B6F9811B6A38}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.468.1"
"UniqueId"="0003DDCE4B12D900"
"ScannerBuild"=dword:0000167c
"ScannerVersionId"=dword:0000117a
"ScannerVersion"="Open window for status."
"FixId"=dword:00000007
"ei2"=hex(b):90,5e,74,b8,3a,7a,6a,b0
"ei1"=hex(b):00,1a,92,bb,92,be,00,00
"ei3"=hex(b):fb,8c,7c,4d,00,00,00,00
"ei4"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1916)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
Ora fine scansione: 2011-04-20 00:03:57
ComboFix-quarantined-files.txt 2011-04-19 22:03
.
Pre-Run: 59'216'257'024 byte disponibili
Post-Run: 59'188'068'352 byte disponibili
.
- - End Of File - - 6DB88C39ECD50DBFA8743EF01D03E40D
I also used MBR to check whether everything was OK; here is the result:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: tor_6V160E0__________________________ rev.11900 -> Harddisk0\DR0 -> \Device\00000083
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
I really hope you can help, because by now I no longer know what to do.